csrf - Does Tornado's XSRF protection work in a round-robin environment? -


i intend use tornado's xsrf protection in web app. wonder: if need scale have cluster of servers, still work - or request fail if preceding request had gone different server?

the xsrf token has no state on server: is not checked against known or stored value, other 2 instances of token in request:

  1. the _xsrf cookie
  2. any 1 of:
    • the x-xsrftoken header
    • the x-csrftoken header
    • the _xsrf argument (e.g. ?_xsrf=... get request)

so doesn't matter if requests not serviced same instance of web server. true of other web servers too.


Comments

Post a Comment

Popular posts from this blog

javascript - Bootstrap Popover: iOS Safari strange behaviour -

i looking through twitter bootstrap documentation, , i'm interested in implementing dismissible popover when button clicked. here example bootstrap's docs: http://getbootstrap.com/javascript/#dismiss-on-next-click when press "dismissible popover" button os x safari browser works fine. when access same link above ios safari, button not work. is, popover not dismissed on click. why button not working ios safari? the example linked using data-trigger="focus" attribute. try changing data-trigger="click" . <a tabindex="0" class="btn btn-lg btn-danger" role="button" data-toggle="popover" data-trigger="click" title="dismissible popover" data-content="and here's amazing content. it's engaging. right?">dismissible popover</a>
Read more

Magento/PHP - Get phones on all members in a customer group -

i working on custom magento extension. working around adminhtml part , i've created custom form there. here form code: <?php class vivasindustries_smsnotification_block_adminhtml_sms_sendmass_edit_form extends mage_adminhtml_block_widget_form { public function _preparelayout() { $extensionpath = mage::getmoduledir('js', 'vivasindustries_smsnotification'); $head = $this->getlayout()->getblock('head'); $head->addjs('jquery.js'); $head->addjs('vivas.js'); return parent::_preparelayout(); } protected function _prepareform() { $form = new varien_data_form(array( 'id' => 'edit_form', 'action' => $this->geturl('*/*/save', array('id' => $this->getrequest()->get...
Read more

spring cloud - How to configure SpringCloud Eureka instance to point to https on non standard port -

i using spring boot/cloud actuator, , annotate application class @enableeurekaclient, applications comes , registers correctly eureka server. however, because configure application run on https, , on port 8444, eureka instance not registered correct protocol, instead using http. example http://localhost:8761/eureka/apps/ gives me <homepageurl>http://localhost:8444/</homepageurl> <statuspageurl>http://localhost:8444/info</statuspageurl> <healthcheckurl>http://localhost:8444/health</healthcheckurl> there no such thing securehomepageurl or securestatuspageurl - securehealthcheckurl exists. check com.netflix.appinfo.eurekainstanceconfig properties transmitted server when eureka client registers. however, having home/status/health page urls not showing https protocol doesn't mean instance isn't registered. matters whether or not secure port enabled. check following properties in client configuration: eureka.instance.se...
Read more